back to article Apple iOS 7 remote wipe: Can it defeat the evil scrumper scourge?

The two lawmen who fired up the Secure Our Smartphones Initiative – an effort to get smartphone makers to install kill switches in their handsets – have kind words for Activation Lock, the feature of Apple's iOS 7 that allows users to remotely wipe their iDevices, and which requires their owners' Apple ID and password to be …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Apple copying Google again

    Google rolled this feature out to all android handsets (android 2.2 on)several months back, no os update required, Google play services dealt with it.

    You can track and send remote commands to your device here;

    https://www.google.com/android/devicemanager?hl=en_GB&u=0

    1. ThomH

      Re: Apple copying Google again

      If it's just track, wipe and remote message, and you want to reduce everything to 'copying' then that's Google copying Apple again — it's been available on iOS devices since 2010. See http://en.wikipedia.org/wiki/Find_My_iPhone

      As to what the article is actually about, rendering a device permanently locked, regardless of reboots or firmware reinstalls, or having it always display a message,under the same criteria, that's not currently possible under Android and it never will be. The freedom to reflash cuts both ways.

      Hackers will likely circumvent Apple's measures but it's now an arms race. The Android audience hasn't been welcoming to devices that are actively built to lock you out so the same thing likely won't happen. Which is not entirely a good thing or entirely a bad thing.

    2. Steve Davies 3 Silver badge

      Re: Apple copying Google again

      Good luck getting the carriers and the likes of Samsung to send out those updates. They don't care about any phone once it has been sold.

      Only those with a clean Google build will see the benefit of this update.

      now what percentage of the Android phone base is that then?

      1. AndyS

        Re: Apple copying Google again

        As far as I can see, this is handled by Google Play, not the OS. So to re-phrase your question, what percentage of the Android phone base doesn't have Play installed?

        1. Anonymous Coward
          Anonymous Coward

          Re: Apple copying Google again

          My Android device does not have it. There again, as soon as it was activated, I deleted my google account. I want the Chocolate Factory to keep tabs on me thank you very much.

          As for this feature, as my phone is just used for, you know making calls (no Facebook, Twitter and all that crap) there is not a lot on it worth stealing.

          It only saving grace is that it is dual sim. Make travelling to foreign parts a breeze.

      2. Rob

        Re: Apple copying Google again

        Why would Samsung want to roll this out? They already provide this service themselves, if they didn't then my AV protection would do the same job, so now I have 3 services to choose from for locking, wiping and reporting my device.

        If I use all 3 will the person who stole the phone end up being a crumpled mess on the floor.

        HTC had this in sense from about version 2 I think.

    3. Annihilator

      Re: Apple copying Google again

      Many people missing the point. Up until this point, iOS 6 protected your content from being abused if you activated it - you were still able to wipe the phone and start again with it. As I understand it, Android devices operate in a similar way.

      The iOS 7 update allows you to permanently disable the phone. No unlocking, no wiping and selling it on as a usable device. I'm assuming that by its very nature, Android wouldn't be able to do this, you'll always be able to flash and re-use.

      1. WatAWorld

        Re: Apple copying Google again

        I don't see how Apple could stop the phone being re-flashed by someone with the skill and the equipment.

        As with bank vaults and any other security feature, physical or cyber, it is never 100% against someone with enough resources and enough time.

        What happens in the physical world is that the local police react and limit the time and resources available. But the multinational nature of the cyber world has so far prevented this there.

        1. pdxbrit

          Re: Apple copying Google again

          The exact same way they stop you from downgrading iOS etc. Despite the jailbreak successes, Apple have made it successively harder to break into their phones (I have an old boot-rom 3GS, one of the last iPhones to be "pwned for life").

          Certainly, with enough resources and effort it is possible that the lock can be defeated, but the whole point is that if it costs ten grand to defeat, then it's not cost-effective to steal the phone. This isn't defending against a superpowers spy agency. This is defending against "casual" theft and, as such, it seems it should be pretty effective. I'm not a big fan of the walled-garden approach, but this is clearly one advantage.

    4. LarsG

      Quite recently

      Someone I know was waving an iphone 5 around, commenting, I asked if he had just bought it.

      He replied he had and that it only cost him £30.

      It transpired a visitor to his premises had offered it to him along with a blackberry and new Nokia, he bought all three for £30. The visitor, a taxi driver had quite a business.

      He passed the other two on. However the iPhone was password locked so he phoned Apple for an activation code claiming he had forgotten his account details. In his own words, "when you phone Apple and talk to someone who sounds sharp and awake, put the phone down, try again until you hear someone who sounds like he couldn't care less, then ask for the code."

      It took him less than 15 minutes to activate a lost/stolen phone.

      I wonder if this can be used on the 5S

    5. leexgx

      Re: Apple copying Google again

      """"""""""

      You can track and send remote commands to your device here;

      https://www.google.com/android/devicemanager?hl=en_GB&u=0

      """"""""""

      guess i messed the news on that update, works very well

      But it should ask to be enabled before you use it the first time, as it let me track my 2 phones that are used as car trackers right away (wounder if there is a way of remotely viewing a android phone like remote desktop for android)

  2. Duncan Macdonald

    This requires 2 iDevices

    The Fine My iPhones app needs an iPhone or iPad to run on (as well as the lost device) so unless you have either 2 iPhones or an iPhone and iPad, this application will not be of much use.

    1. Chad H.

      Re: This requires 2 iDevices

      Or you simply login to iCloud.com..... which can be done from almost any internet enabled device....

    2. Anonymous Coward
      Anonymous Coward

      Re: This requires 2 iDevices

      Sorry to disappoint you, Duncan Macdonald, but no, you don't need multiple devices.

      You just log into iCloud on any browser. Ta-dah.

    3. Ted Treen
      Happy

      Re: This requires 2 iDevices

      "Fine my iPhone"?

      Why?

      What's it done?

  3. Anonymous Coward
    Anonymous Coward

    Macs, too

    Nope, it runs on Macs, as well. If you're on a Windows or Linux box, however, you're S.O.L.

    1. Colin Wilson 2

      Re: Macs, too

      No - any device with a browser will do - just go to iCloud.com from your Windows PC, Linux box, your poor mate's Android tablet, etc...

      1. Anonymous Coward
        Anonymous Coward

        Re: Macs, too

        Ah, yes, you're correct – what I meant to say is that Find My [Apple device] works to find your Mac, as well.

  4. Dan 55 Silver badge
    Facepalm

    "After months of pressure from a global coalition of elected officials and law enforcement agencies"

    Anyone would think they designed and coded it themselves too, the way they tootle their own horn.

    Still, as it's Apple it's the first of its kind, politicians and policemen agree. No other mobile OS or third party app has ever provided similar functionality.

  5. Michael B.

    You mean Apple didn't have this feature already.

    Even Microsoft managed to get it implemented in 2010 for Windows Phone. ( Around the same time as Android got it.)

    1. Colin Wilson 2

      Re: You mean Apple didn't have this feature already.

      Apple have had 'Find my Phone' for years too.

      The new feature in iOS7 is that if you have Find My Phone turned on, you can't use the phone - even if you totally wipe it, reset all settings and re-install the operating system - unless you know the owner's Apple ID & password.

      If you want to sell or give your phone to someone else, you first have to turn off Find My Phone (which requires you Apple ID & password too)

  6. Neoc

    Weird...

    I could have sworn I had these kind of features on my old Galaxy S2 and new S4 quite a while ago. Oh, wait, I did! Including constant ringing, wiping the phone, tracking the phone, etc, etc, etc..

    What annoys me is not that Apple announces these "new" features; it's the way they try to make it sound like they invented it or that it's only available on their products.

    1. Chad H.

      Re: Weird...

      its had wipe for ages... but if I wipe your Galaxy S2, am I still locked out?

  7. John Tserkezis

    Hope you get to your "Kill Switch" before the thief does:

    http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/

    "iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter"

    "Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands, has found a security vulnerability in iOS 7 that allows anyone to bypass its lockscreen in seconds to access photos, email, Twitter, and more."

    You *could* laugh about this, but it just isn't funny anymore - will apple ever learn?

    1. Colin Wilson 2

      Re: Hope you get to your "Kill Switch" before the thief does:

      I just tried it - it works! It doesn't completely unlock the phone, but enough to see your photos and send them via e-mail, facebook, twitter, etc. Plus you can bring up the Contacts if you try to mail a photo.

      I'm sure there'll be a fix along soon - but in the meantime - fail!

  8. iLurker

    Half-assed implementation.

    Not so great - its easily defeated because both Siri and the Control Panel are accessible while its locked.

    Any thief can ask Siri to activate Airplane mode immediate, after that it can't be deactivated.

    Without His Steveness Apple is clearly slipping on the quality of their designs.

    1. tony
      Happy

      Re: Half-assed implementation.

      You can disable both Siri and Control panel whilst locked.

      But having to keep a phone in airplane mode will ruin the black market value.

      1. Anonymous Coward
        Anonymous Coward

        Re: Half-assed implementation.

        you sir miss the point; in airplane mode (and withoutwifi) the "kill switch" cannot be activated. it buys time for the miscreant to work around disabling said kill switch and prepping the device for resale, by idk, imei / apple id changing/jail-breaking, whatever it is the cool kids do today...

        1. tony
          Happy

          Re: Half-assed implementation.

          I said it would ruin the black market value as it will make it trickier to wipe, not impossible.

          And going by some of the stories around stolen phones my guess is the existence of airplane mode is unknown to them.

        2. retroneo

          Re: Half-assed implementation.

          Incorrect.

          Even reflashing doesn't bypass activation lock.

          Activation lock never needs the remote wipe or lost mode - it's always on.

  9. BigAndos

    New Standard Mugging Demand

    "Give me your wallet, phone and iCloud password or else!"

  10. M Gale

    Or...

    Just take the thing apart and sell any salvageable bits. Unlock codes won't stop someone with a screwdriver.

    I don't think these measures as so much anti-theft as anti-letting-some-scrote-perv-over-your-selfies.

  11. Anonymous Coward
    Anonymous Coward

    Not available on 5C's

    Because to true iTard want's one so none will get stolen!

  12. Graham Marsden
    Pirate

    Incoming text...

    ... Your iPhone has been infected with a virus. Send $500 to this anonymous e-mail address or we remotely wipe it...

  13. Anonymous Coward
    Anonymous Coward

    Lost (and found by an honest & helpful person) vs. stolen

    Here in the Cold Colony, it seems that missing phones are lost, and most are returned.

    The system needs to account for this possibility.

  14. bigtimehustler

    What actually stops you putting the phone into recovery mode, connecting up xcode or itunes and reinstalling the firmware? When you do this the phone starts up as a new phone, asking if you would like to register your own details with it. Presumably it would also be very easy to install a jailbroken version of the OS during this simple process also (which inevitably will be released shortly). So this is just nonsense, any criminal will know how to do this, a lot of non technical people do this now.

    1. stuff and nonesense

      @bigtimehustler

      There is nothing to stop some spotty oik doing as you suggest however a thief wants to hold on to the stolen kit for as short a time as possible. They want money for their ill gotten stash quickly. They want to offload the kit with great haste - "if I have not got it prove I had it".

      A solid remote lock up as the article describes is a good step forward. It may mean your new shiny phone ends up cast aside, broken and unwanted but IF all the manufacturers can implement robust systems the idea of stealing smart phones will begin to fade into the past - there will be no cash as the devices will become unsellable. (Thieves may steal out of malice and not greed - nothing will stop that)

      People will find ways around such schemes, Manufacturers will have to stay on their toes but making the task of offloading stolen goods more difficult is a laudable aim.

  15. Anonymous Coward
    Anonymous Coward

    Most amusing to see fandroids out in force

    and in their haste to sneer and hector, missing the point and endlessly claiming that the "new" feature is something that's been around for many years on ALL Major platforms.

    RTFA guys, this isn't simple tracking or wiping - that's old news - this is permanent locking.

    Of course how robust this is is yet to be proven and personally I'm not convinced, but if it is strong enough overnight it renders stolen IOS7 devices worth only the spares value.

    Time will tell.

  16. SeymourHolz

    great idea

    until you realize how buggy both software and human procedures are, and there will be phones getting wiped for no reason

  17. The Infamous Grouse
    Flame

    Wrong deterrent timing

    The problem with these lock / wipe / brick technologies is that they only apply at the point of attempted re-use, not at the point of theft, which makes for a lousy deterrent. Your average opportunist thug or phonesnatcher-on-a-bike is unlikely to care, and if they did they wouldn't waste time scoping out a mark to see whether or not they had one of the more protected handsets. If they see someone waving around any bit of shiny at an opportune moment they'll grab it and be gone.

    If the device is locked down tight so that the user's data is protected, that's great. But as for getting the device back because it can't be used, or deterring the theft in the first place, no chance. If you've accidentally left a phone somewhere frequented by honest people then perhaps this has merit. But for preventing deliberate handset snatching, forget it.

    The only true deterrent against opportunist phone theft would be something that made the handset burst into flames if it went out of range of a Bluetooth accessory. But as someone who has regularly left work without his phone and only noticed when the music in the headset started to break up, I fear the "false positives" could be a significant problem.

  18. WatAWorld

    Many phone thieves are people doing it for themselves or their friends,

    It will be interesting to see how much effort is required to circumvent Apples locking.

    Many phone thieves are people doing it for themselves or their friends, not organized gangs with access to technical assistance.

    It would be nice if Apples lock can at least keep them out, it would be a big step.

    Yes ideally the lock will keep out even skilled hackers, but the hacking community thrives so openly due to lack of international law enforcement against computer crime, so I don't see that happening with Apple, Google or MS. With no law enforcement and essentially unlimited time, hackers will eventually break any tools anyone can dream up.

  19. mcnicholas

    Jailbreakers

    It will be interesting to see how the jail breakers handle this. My opinion is that the core teams are ethical - they Jailbreak so that users can install non-approved apps, unlock the SIM from a carrier, and so on. The downside is that this allows app piracy.

    If there's a way to provide JB without circumventing the lock I would expect them to do it.

    Of course, there will be others who will attempt to break the lock, but time will tell how widely available that knowledge (and toolset) will become.

  20. retroneo

    Article Incorrect Title

    The new feature isn't "remote wipe", which has been part of the iPhone since OS 2.0

    The new feature is "activation lock", which prevents activation of the iPhone even after a full reflashing.

  21. MeRp

    Needed for android

    Unfortunately for something like this to happen on Android it would have to be implemented by each individual hardware manufacturer. Currently, at least with TWRP custom recovery, you can lock down both the OS itself, as well as the recovery mode, however you cannot lock down the bootloader. For samsung this is "Odin mode" or download mode, but it varies for each manufacturer. If they added the ability to specify a pin for that mode (that you needed to enter on the device when you put it into that mode), then this would give coverage for Android phones.

    The biggest problem with Android not having this is; without the majority of smartphones being immunized to being stolen, then you cannot really get the herd immunity that Apple is looking for here; just because it is worthless to steal an iDevice doesn't mean that thieves won't grab any and all devices that appear to be smart phones and just toss the worthless ones into the local canal/sewer/etc.

This topic is closed for new posts.

Other stories you might like